Called Ekans (also known as Snake) extortion software first appeared in December 2019, and for industrial control system (ICS).
According to reports, since Ekans the first time, researchers from the various security agencies of its analysis, found that many Ekans can stop the process of application and operation of the industrial control system (ICS) related.
In this regard, Dragos researchers said: "Although not completely rule out the possibility Dragos use of state-sponsored, but the available evidence is more strongly linked to non-State actors, including criminal entity, including the results, you can. like other ransomware family have seen, to sell it to the relevant market or crime, for other entities. "
According to Dragos researchers said the malware can not spread on their own, it relies on the attacker started interactively or through a script. Therefore, since the hacker must maintain access to the system users throughout the course of the attack, compared with the majority of ransomware, it's less destructive.
The researchers believe that the malware is sponsored by Iran. Meanwhile, EKANS seems similar to the second edition MegaCortex ransomware, which also has a number of features specific to industrial control systems related commands and procedures designed to prevent ransomware attacks of these functions.